I'm using ActiveAdmin on Rails and I'm trying to lock down the section of the site which maintains admin users to non-superusers.
Naturally I can hide the menu option like this:
ActiveAdmin.register AdminUser do
  menu :parent => "Settings", :if => proc { current_admin_user.superuser }
end
However, the route still works if you bypass the menu and go directly to /admin/admin_users.
What is the best practice to lock down the routes and controller for admins in ActiveAdmin?
You can add a before_filter to a controller block where the resource is registered; this is working for me:
ActiveAdmin.register User do
  # Hides the menu entry only; this is cosmetic, not access control.
  menu :if => proc{ current_user.superadmin? }
  # The controller block patches the generated resource controller, so the
  # check below runs for every action, including direct requests to the URL.
  controller do
    # before_filter was removed in Rails 5.1; use before_action there.
    before_filter :superadmin_filter
    def superadmin_filter
      # Raising RoutingError renders a 404, so the page does not reveal
      # that the resource exists to non-superadmins.
      raise ActionController::RoutingError.new('Not Found') unless current_user.superadmin?
    end
  end
end
source
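The point of the answer above is that the menu `:if` only hides a link, while the `before_filter` in the `controller` block is what actually denies the request. The following is an added example, not code from the question, the answer or ActiveAdmin itself: a plain-Ruby model of those two layers (a constructed `AdminUser` struct, a minimal `before_action` chain and a one-entry route table standing in for Rails and ActiveAdmin, all assumptions) so it runs offline and shows that hiding the menu changes nothing for a direct request, whereas the controller filter returns 404 for a non-superadmin and lets a superadmin through.

```ruby
# Added example (not from the original question or answer): a plain-Ruby
# model of the two layers involved, so it runs without Rails or ActiveAdmin.
# The menu check is cosmetic; only the controller filter denies access when
# someone types /admin/admin_users directly.

# Constructed stand-in for the AdminUser model.
AdminUser = Struct.new(:email, :superadmin) do
  def superadmin?
    superadmin
  end
end

class NotFound < StandardError; end

# Minimal base controller with a before_action chain, mimicking the Rails
# behaviour the answer relies on: an exception raised in a filter aborts the
# request before the action body runs.
class BaseController
  def self.before_action(*names)
    filters.concat(names)
  end

  def self.filters
    @filters ||= []
  end

  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  def dispatch(action)
    self.class.filters.each { |f| send(f) }
    send(action)
  end
end

class AdminUsersController < BaseController
  # Same pattern as the answer: reject non-superadmins before any action.
  # Answering 404 rather than 403 avoids confirming that the route exists.
  before_action :require_superadmin

  def index
    { status: 200, body: "admin users list" }
  end

  private

  def require_superadmin
    raise NotFound, "Not Found" unless current_user.superadmin?
  end
end

# Constructed route table: the one path the question is about.
ROUTES = { "/admin/admin_users" => [AdminUsersController, :index] }.freeze

# UI-layer check only, equivalent to the menu :if proc in the question.
def menu_visible?(user)
  user.superadmin?
end

# Simulated request: route lookup, then controller dispatch. Returns a
# status hash so the outcome can be inspected programmatically.
def handle_request(path, user)
  controller_class, action = ROUTES.fetch(path) { return { status: 404, body: "Not Found" } }
  controller_class.new(user).dispatch(action)
rescue NotFound
  { status: 404, body: "Not Found" }
end

if __FILE__ == $PROGRAM_NAME
  staff = AdminUser.new("staff@example.com", false)
  boss  = AdminUser.new("boss@example.com", true)
  puts "menu visible to staff?     #{menu_visible?(staff)}"
  puts "staff hits route directly: #{handle_request('/admin/admin_users', staff)}"
  puts "superadmin hits route:     #{handle_request('/admin/admin_users', boss)}"
end
```

Run it as a script and the staff user gets 404 from the direct request even though `menu_visible?` already returned false for them; the enforcement lives in `require_superadmin`, and the menu predicate is just a convenience that should call the same check so the two never drift apart.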